SecurityFocus Microsoft Newsletter #374 ----------------------------------------
This issue is Sponsored by: Insight24 Improve Security Through Proactive Network Assessment & Risk Analysis In this Forrester Research webcast, Dr. Chenxi Wang, Principal Analyst for Security and Risk Management, discusses how proactive network assessment and risk analysis can decrease the number and intensity of security threats. She will also outline key metrics you can use to measure the effectiveness of your vulnerability management programs. Click on the link below to view this on-demand webcast today! http://showcase.insight24.com/?ForresterSecurityFocus SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Real Flaws in Virtual Worlds 2.Copyrights and Wrongs II. MICROSOFT VULNERABILITY SUMMARY 1. Total Player M3U File Denial of Service Vulnerability 2. Winace UUE File Handling Buffer Overflow Vulnerability 3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability 4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities 5. Microsoft Word Wordart Doc Denial Of Service Vulnerability 6. Adobe Flash Player HTTP Response Splitting Vulnerability 7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability 8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability 9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability 10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability 11. WFTPD Explorer Remote Buffer Overflow Vulnerability 12. Adobe Flash Player DNS Rebinding Vulnerability 13. Retired: Adobe Flash Player Multiple Security Vulnerabilities 14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability 15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability III. MICROSOFT FOCUS LIST SUMMARY IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Real Flaws in Virtual Worlds By Federico Biancuzzi Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business. http://www.securityfocus.com/columnists/461 2.Copyrights and Wrongs By Mark Rasch On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000. http://www.securityfocus.com/columnists/460 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Total Player M3U File Denial of Service Vulnerability BugTraq ID: 27021 Remote: Yes Date Published: 2007-12-25 Relevant URL: http://www.securityfocus.com/bid/27021 Summary: Total Player is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed. This issue is reported to affect Total Player 3.0; other versions may also be vulnerable. 2. Winace UUE File Handling Buffer Overflow Vulnerability BugTraq ID: 27017 Remote: Yes Date Published: 2007-12-25 Relevant URL: http://www.securityfocus.com/bid/27017 Summary: Winace is prone to a buffer-overflow vulnerability when handling malicious UUE files. A successful attack can allow a remote attacker to corrupt process memory by triggering a heap-overflow condition when the application handles excessive data in the archive. This vulnerability affects Winace versions prior to 2.69. 3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability BugTraq ID: 27007 Remote: Yes Date Published: 2007-12-24 Relevant URL: http://www.securityfocus.com/bid/27007 Summary: Zoom Player is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users. This issue affects Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch. 4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities BugTraq ID: 26982 Remote: Yes Date Published: 2007-12-22 Relevant URL: http://www.securityfocus.com/bid/26982 Summary: Microsoft Office Publisher is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed. 5. Microsoft Word Wordart Doc Denial Of Service Vulnerability BugTraq ID: 26981 Remote: Yes Date Published: 2007-12-22 Relevant URL: http://www.securityfocus.com/bid/26981 Summary: Microsoft Word is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed. This issue affects Word 2003; other versions may also be vulnerable. 6. Adobe Flash Player HTTP Response Splitting Vulnerability BugTraq ID: 26969 Remote: Yes Date Published: 2007-12-20 Relevant URL: http://www.securityfocus.com/bid/26969 Summary: Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions. NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities). 7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability BugTraq ID: 26966 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26966 Summary: The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability. An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer. This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0. 7.0.70.0, and prior versions. NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details. 8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability BugTraq ID: 26960 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26960 Summary: The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability. An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain. This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions. NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available. 9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability BugTraq ID: 26959 Remote: Yes Date Published: 2007-12-20 Relevant URL: http://www.securityfocus.com/bid/26959 Summary: Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. This issue affects Ingres 2.5 and 2.6 when running on Windows. NOTE: This issue does not affect the Ingres .NET data provider. 10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability BugTraq ID: 26949 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26949 Summary: Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 11. WFTPD Explorer Remote Buffer Overflow Vulnerability BugTraq ID: 26935 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26935 Summary: WFTPD Explorer is prone to a remote heap-based buffer-overflow vulnerability. The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may gain unauthorized access in the context of the user running the application. WFTPD Explorer 1.0 is reported vulnerable; other versions may be affected as well. 12. Adobe Flash Player DNS Rebinding Vulnerability BugTraq ID: 26930 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26930 Summary: Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file. Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks. 13. Retired: Adobe Flash Player Multiple Security Vulnerabilities BugTraq ID: 26929 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26929 Summary: Adobe Flash Player is prone to multiple security vulnerabilities. The following individual records have been created to document these vulnerabilities: 26960 Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability 26951 Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability 26949 Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability 26965 Adobe Flash Player Unspecified Privilege-Escalation Vulnerability 26969 Adobe Flash Player HTTP Response Splitting Vulnerability 26966 Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions. 14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability BugTraq ID: 26927 Remote: Yes Date Published: 2007-12-18 Relevant URL: http://www.securityfocus.com/bid/26927 Summary: ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data. Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application. ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected. 15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability BugTraq ID: 26806 Remote: Yes Date Published: 2007-12-19 Relevant URL: http://www.securityfocus.com/bid/26806 Summary: Perforce P4Web is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests. An attacker can exploit this issue to cause the application to consume excessive CPU and memory resources. Successful attacks will deny service to legitimate users. P4Web 2006.2 and prior versions running on Windows are affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is Sponsored by: Insight24 Improve Security Through Proactive Network Assessment & Risk Analysis In this Forrester Research webcast, Dr. Chenxi Wang, Principal Analyst for Security and Risk Management, discusses how proactive network assessment and risk analysis can decrease the number and intensity of security threats. She will also outline key metrics you can use to measure the effectiveness of your vulnerability management programs. Click on the link below to view this on-demand webcast today! http://showcase.insight24.com/?ForresterSecurityFocus
